Watch Out Wednesday – August 31, 2022

by | Aug 30, 2022 | WoW Archive

This week’s Watch Out Wednesday covers the latest WordPress plugin vulnerabilities, including Beaver Builder, Event Calendar, Add User Role and more!

Plugin: Beaver Builder

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.5.5.3
Recommended Action: Update the WordPress Beaver Builder plugin to the latest available version (at least 2.5.5.3).

Plugin: Add User Role

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 29, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Slickr Flickr

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 25, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Form Builder CP

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.32
Recommended Action: Update the WordPress Form Builder CP plugin to the latest available version (at least 1.2.32).

Plugin: WPtouch

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.3.44
Recommended Action: Update the WordPress WPtouch plugin to the latest available version (at least 4.3.44).

Plugin: Site Offline

Vulnerability: Bypass Vulnerability
Patched Version: 1.5.3
Recommended Action: Update the WordPress Site Offline plugin to the latest available version (at least 1.5.3).

Plugin: Zephyr Project Manager

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.2.5
Recommended Action: Update the WordPress Zephyr Project Manager plugin to the latest available version (at least 3.2.5).

Plugin: WPvivid Backup and Migration

Vulnerability: Other Vulnerability Type
Patched Version: 0.9.77
Recommended Action: Update the WordPress WPvivid Backup and Migration plugin to the latest available version (at least 0.9.77).

Plugin: Ultimate SMS Notifications for WooCommerce

Vulnerability: CSV Injection
Patched Version: 1.4.2
Recommended Action: Update the WordPress Ultimate SMS Notifications for WooCommerce plugin to the latest available version (at least 1.4.2).

Plugin: Visual Composer Website Builder

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.

Plugin: WP Users Exporter

Vulnerability: CSV Injection
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of January 8, 2020 and is not available for download. Reason: Security Issue.

Plugin: Better Delete Revision

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 26, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Launcher: Coming Soon & Maintenance Mode

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. Ignored by the vendor.

Plugin: Polls Widget

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.

Plugin: Event Calendar – Calendar

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Better Font Awesome

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version is available.

Plugin: Advanced Order Export For WooCommerce

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.3.2
Recommended Action: Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available version (at least 3.3.2).

Plugin: wp-forecast

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Access Code Feeder

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: About Me

Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: About Rentals

Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Accommodation System

Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: SEO Scout

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Alphabetic Pagination

Vulnerability: Other Vulnerability Type
Patched Version: 3.0.8
Recommended Action: Update the WordPress Alphabetic Pagination plugin to the latest available version (at least 3.0.8).

***
Check out the WoW Archive for past Watch Out Wednesday posts.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
